Field of the Invention
The present invention is in the field of use of computer systems in business information management, operations and predictive planning. Specifically, it concerns the use of an advanced cyber decision system both to mitigate the initiation of new cyber-attacks and to provide near real-time triage analysis of ongoing cybersecurity breaches.
Discussion of the State of the Art
Over the past decade, the frequency and complexity of cyber attacks (i.e., illegal access and modification) against the information technology assets of multiple companies, as well as departments and agencies within the U.S. government, have escalated significantly, and the discovery and use of IT infrastructure vulnerabilities continues to accelerate. The pace of cyber break-ins may be said to have now reached the point where relying on protection methods derived only from published previous attacks and the advisories resulting from them provides only a moderate level of protection. Further, the sheer volume of cyber security information and procedures has far outgrown the ability of those in most need of its use to either fully follow it or reliably use it, overwhelming those charged with cybersecurity duties for the thousands of enterprises at risk. Failure to recognize important trends or to become aware of information in a timely fashion has led to highly visible, customer-facing security failures such as those at TARGET™, ANTHEM™, DOW JONES™ and SAMSUNG ELECTRONICS™ over the past few years, just to list a few of those that made the news. The traditional cyber security solutions most likely in use at the times of these attacks require too much active configuration, ongoing administrator interaction, and support while providing limited protection against sophisticated adversaries—especially when user credentials are stolen or falsified.
There have been several recent developments in business software that have arisen with the purpose of streamlining or automating either business data analysis or the business decision process, and which might be harnessed to aid in bettering cyber security. PALANTIR™ offers software to isolate patterns in large volumes of data, DATABRICKS™ offers custom analytics services, and ANAPLAN™ offers financial impact calculation services. There are other software sources that address some aspect of business data relevancy identification in isolation, but these fail to holistically address the entire scope of cybersecurity vulnerability across an enterprise. Analysis of that data and business decision automation, however, remain out of their reach. Currently, none of these solutions handles more than a single aspect of the whole task, none can form predictive analytic data transformations, and they are therefore of little use in the area of cyber security, where the only solution is a very complex process requiring sophisticated integration of the tools above.
There has also been a great proliferation in the use of network-based service companies offering cyber security consulting information. This only serves to add to the overload of information described above and, to be of optimal use, must be carefully analyzed by any business information management system purporting to provide reliable cybersecurity protection.
What is needed is a fully integrated system that retrieves cybersecurity-relevant information from many disparate and heterogeneous sources using a scalable, expressively scriptable connection interface, and that identifies and analyzes that high-volume data, transforming it into a useful format. Such a system must then use that data in concert with an enterprise's baseline network usage characteristic graphs and advanced knowledge of the enterprise's systems, especially those harboring sensitive information, to drive an integrated, highly scalable simulation engine. That engine may employ combinations of the system dynamics, discrete event and agent-based paradigms within a single simulation run, such that the most useful and accurate data transformations are obtained and stored for the human analyst to rapidly digest the presented information, readily comprehend any predictions or recommendations, and then creatively respond to mitigate the reported situation. This multimethod information security information capture, analysis, transformation, outcome prediction, and presentation system forms a “business operating system.”